permission สรรหา

2024-08-20 11:04:07 +07:00 · 2024-08-20 11:04:07 +07:00 · dd5466de21
commit dd5466de21
parent 0b753795b8
6 changed files with 220 additions and 5 deletions
--- a/Controllers/DisableController.cs
+++ b/Controllers/DisableController.cs
@ -24,6 +24,8 @@ using System.Net;
 using System.Net.WebSockets;
 using System.Security.Claims;
 using System.Text;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;

 namespace BMA.EHR.Recurit.Exam.Service.Controllers
 {
@ -43,7 +45,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
        private readonly IWebHostEnvironment _webHostEnvironment;
        private readonly DisableService _disableService;
        private readonly PeriodExamService _periodExamService;
-
+        private readonly PermissionRepository _permission;
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly ILogger<DisableController> _logger;

@ -58,7 +60,8 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
                                 DisableService disableService,
                                 PeriodExamService periodExamService,
                                 IHttpContextAccessor httpContextAccessor,
-                                 ILogger<DisableController> logger)
+                                 ILogger<DisableController> logger,
+                                 PermissionRepository permission)
        {
            _context = context;
            _contextMetadata = contextMetadata;
@ -68,6 +71,7 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
            _periodExamService = periodExamService;
            _httpContextAccessor = httpContextAccessor;
            _logger = logger;
+            _permission = permission;
        }

        #endregion
@ -556,6 +560,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
        {
            try
            {
+                var action = "UPDATE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                var data = await _context.PeriodExams.AsQueryable()
                                    .Where(x => x.CheckDisability == true)
                                    .FirstOrDefaultAsync(x => x.Id == id);
@ -611,6 +624,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
        {
            try
            {
+                var action = "DELETE";
+                var system = "SYS_EXAM_SELECT";
+                var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+                var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+                if (jsonData["status"]?.ToString() != "200")
+                {
+                    return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+                }
+                var attrPrivilege = jsonData["result"]?.ToString();
                var data = await _context.PeriodExams.AsQueryable()
                                .Where(x => x.CheckDisability == true)
                                .Include(x => x.ImportFile)
@ -1097,6 +1119,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
        public async Task<ActionResult<ResponseObject>> ImportCandidateFileByIdAsync(Guid id)
        {
+            var action = "CREATE";
+            var system = "SYS_EXAM_SELECT";
+            var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
+            var attrPrivilege = jsonData["result"]?.ToString();
            var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
            if (!Directory.Exists(tmpDir))
                Directory.CreateDirectory(tmpDir);
@ -1341,6 +1372,15 @@ namespace BMA.EHR.Recurit.Exam.Service.Controllers
        [HttpPost("score/{id:length(36)}"), DisableRequestSizeLimit]
        public async Task<ActionResult<ResponseObject>> ImportScoreFileAsync(Guid id)
        {
+            var action = "CREATE";
+            var system = "SYS_EXAM_SELECT";
+            var getPermission = await _permission.GetPermissionAPIAsync(action, system);
+            var jsonData = JsonConvert.DeserializeObject<JObject>(getPermission);
+            if (jsonData["status"]?.ToString() != "200")
+            {
+                return Error(jsonData["message"]?.ToString(), StatusCodes.Status403Forbidden);
+            }
+            var attrPrivilege = jsonData["result"]?.ToString();
            var tmpDir = Path.Combine(_webHostEnvironment.ContentRootPath, "tmp");
            if (!Directory.Exists(tmpDir))
                Directory.CreateDirectory(tmpDir);